<?php
	if (!empty($_POST['username'])) {
		$sql = "SELECT id, email FROM users WHERE username = '{$_POST['username']}' OR email = '{$_POST['username']}'";
		$qry = db_query($sql);
		if (db_num_rows($qry) == 1) {
			$user = db_fetch_assoc($qry);
			$user['password'] = password();
			
			if (db_save($user, 'users', true)) {
				if (mail($user['email'], 'Password Reset', "Your new password is:\n{$user['password']}\n\n", 'From: ' . FROM_EMAIL)) message('Your new password has been emailed to you.');
				else error('Your password was reset, but the email notification failed to send.');
				
				location('/login.html');
			}
		}
	}
?>

<form method="post">
	<fieldset>
		<legend>Password Reset</legend>
		
		<label for="username">
			Enter your Username or Email Address
			<input type="text" name="username" id="username" value="" autocomplete="off" />
		</label>
		
		<input type="submit" value="Email My New Password" />
	</fieldset>
	<a href="/login.html">Login</a>
</form>